Conclusion 03: A Wave of Activity
Most companies have responded to Sept. 11 by rethinking their level of risk, getting IT and business execs involved in continuity planning, and taking steps to ensure business continuity after the Sept. 11 terrorist attacks. For many, these steps include decentralizing their IT architecture, moving their data center, and personnel changes. Still, while a third of businesses didn't have a business continuity plan before Sept. 11, some firms are still running blind, working without a plan to help them prepare for another disaster.
The good news is that about 80% of companies have a business continuity plan; the bad news is that about one in five companies in corporate America still do not have one. Thirty-three percent of those who had such plans before Sept. 11 say they've made or intend to make significant changes to their disaster recovery plans, including better training on security procedures and more frequent backups of corporate data. Companies that have lost more than 10% of revenues due to Sept. 11 are now more likely to back up data more frequently, but that's the only activity more than half of these respondents have stepped up.
IT departments have generally made substantive changes to their infrastructure and policies. Nearly half are likely to have modified their policies for coping with security breaches. Forty-four percent relocated their data centers, and more than half switched to a more distributed data processing architecture, both potentially expensive moves. More than six out of 10 are now using a more distributed storage scheme, which should provide cost-effective redundancy. A backup network was established by nearly two-thirds of those surveyed. Almost half added new IT security personnel. Finally, 79% are working to better ensure that their security procedures are being complied with, a predictable but low-cost step.
About eight in 10 took the basic step of performing new risk analyses after Sept. 11, and 78% are making sure that security procedures are better observed. Greater involvement by IT and business execs in the planning process and new mail-handling steps were all cited by about two-thirds of respondents. Almost half added a new organizational role such as a Chief Security Officer.